The ISO 27001 Certified Implementer course equips you with the knowledge and skills required to plan, implement, manage, monitor and maintain an ISO 27001-compliant Information Security Management System (ISMS). The course evaluates the ISO 27001 requirements and the main challenges before, during and after implementation. You will learn to perform an ISO 27001-compliant risk assessment, develop a risk treatment plan and select appropriate controls.
You will evaluate continuous learning principles and best practices for monitoring and improving your ISMS, dive into the ISO 27001 certification process and prepare your organization for a third-party audit. Beyond theoretical considerations, the program evaluates the risk-based philosophy behind the standard; the leadership, stakeholder and commitment aspects that align stakeholders on the program and secure management buy-in; and the difference between doing the right things (check-box compliance) and doing the right things right (a risk-based approach).
At a Glance
Course: ISO 27001 Certified Implementer
Duration: 3 days
Audience: Information security professionals responsible for ensuring compliance with information security requirements, and project managers and consultants involved in the implementation of an ISMS.
Learning objectives:
• Understand the key concepts, principles and implementation requirements of an ISMS (information security management system) based on the ISO/IEC 27001 standard
• Doing the right things versus doing the right things right: check-box compliance versus a risk-based approach
• Scope and plan the implementation of an ISMS based on the ISO/IEC 27001 standard
• Consider ISMS stakeholders, roles, responsibilities and authorities; align stakeholders on your program and ensure senior management buy-in
• Evaluate ISMS performance, identify nonconformities and initiate corrective actions, applying continuous learning and improvement principles
• Prepare your organization for a third-party audit
• Manage and drive continuous improvement
What’s included
- Official SECO-Institute course materials
- ISO/IEC 27001:2017 standard
- Passionate instructors with exceptional skills and experience
- Access to SECO Institute’s member portal
- Practice exam
- Exam voucher
- Membership to SECO’s Alumni Network after passing the exam
Syllabus
Day 1 – Setting the stage: Implementation process, requirements and pitfalls
Day 1 starts with an introduction to the ISMS in an information security risk management context. Key concepts, principles, terms and definitions of the ISO/IEC 27001:2017 standard are evaluated, along with how you should interpret its requirements to define the scope of your ISMS. You will learn how the standard establishes the management cycle for information security and what steps you should take to ensure successful planning and implementation in practice. The course offers an overview of the process, the main challenges and pitfalls, and the prerequisites that should be met before ISO 27001 implementation, setting the stage for more in-depth discussions on Day 2 and Day 3.
Topics covered:
• ISMS and information security risk management
• Information security objectives and control objectives
• Policies, processes and resources
• Phases of ISMS implementation
• History and structure of ISO 27001
• Determining the scope of an ISMS
• Leadership and commitment
• Organisational roles, responsibilities and authorities
• Planning, support and required documentation
• Risk assessment and risk treatment
Day 2 – Implementation, Risk Assessment, ISMS performance evaluation, internal audit and management review
From Day 2 onwards, the course takes a more in-depth and hands-on approach to implementing the standard and ensuring continuous improvement of the information security process. After a more thorough look at ISO/IEC 27001:2017 and ISO/IEC 27002:2022, the challenges in selecting and implementing controls are discussed. ISMS stakeholders are evaluated, as is how to involve them and keep them involved in your program. A good part of the day is spent on risk and risk assessment, the very foundation of information security practice. We discuss how to avoid check-box compliance: the difference between doing the right things and doing the right things right by taking a risk-based approach. You will learn how to evaluate ISMS performance, identify nonconformities and take corrective actions. Lastly, you will learn how to work with your internal audit department and how to prepare for an internal audit and management review.
Topics covered:
• Challenges in the selection and implementation of information security controls
• ISMS stakeholders
• Risk assessment, risk treatment and documentation
• ISMS performance evaluation, nonconformities and corrective actions
• Information security incident management
• Internal audit and management review
Day 3 – Implementation continued, deep dive in controls, prepare for a third-party audit
Day 3 starts with a more detailed evaluation of information security controls, focusing on the ISO/IEC 27002:2022 reference standard, its relationship with ISO/IEC 27001:2017 and how to analyse which controls may or may not reduce which risks. From there, the course investigates the ISO 27001 certification process: you will evaluate how audits are performed, how to demonstrate compliance to an auditor, and what it takes to become and remain compliant. The course ends with a case study exercise in which you advise your organization on the implementation of an ISMS and help it prepare for a third-party audit.
Topics covered:
• ISO/IEC 27002:2022 information security controls
• ISO 27001 certification
• Required processes
• Required and recommended documentation
• Auditor's focus
• Case study exercise: ISMS implementation and preparing for a third-party certification audit